Novell Netdrive at MSU acts Flaky

Since I’m teaching again this semester, so over the holiday break I set up a little website where I could post links, resources and various interactive things that don’t really work well with blackboard. I used my Novell Netdrive account since CORE deleted my unix account few weeks after I got my MS. I never really found out why, but it probably had something to do with a random php script that I wrote my sophomore year. It essentially appended user input to a text file and then displayed the text from that file on the page creating a primitive “blog comments” like effect on some of the pages. Needless to say, at some point it got spammed into oblivion, and being lazy I never really disabled it.

Or it could be the fact that I compiled and installed quite a few apps in my home directory, including a never version of VIM, nmap, netcat and few other security tools that probably freak out sysadmins. :P When I started teaching I asked if I can have my unix account back once or twice via email but I never got a response. When I arrive on campus these days, the CORE folks are long gone. In fact, everyone except for students and few professors who teach evening classes is gone. I never noticed that when I was a student because I would usually spend a whole day on campus doing research, GA stuff and etc.

Now that I work full time and I can’t get there before 5pm I never really see the administrative and support staff anymore. All communication with the secretarial staff regarding printing teaching materials or obtaining supplies must be done remotely. To be fair, I think there is like one day a week when the Registrar’s office and couple of other important administrative offices on campus are open till like 6pm – but most of the non-faculty inhabitants of MSU vacates their offices at like 4:30. Sigh…

Anyway, I used Netdrive because that’s all I have right now. I used some very simple PHP scripting mainly because I didn’t feel like copying and pasting the header and footer on every single page. Over the holidays I figured out that you can actually enable PHP parsing if you make your .php files executable. Naturally you don’t get shell access to your account, but Netdrive has a very clunky and counter-intuitive web interface. You can use it to make your stuff executable to the world, (but it requires some digging in the “Properties” panel) on a “per file” basis. That’s exactly what I did over the break and everything was working.

I decided to check back on the site today and I noticed that my PHP files were being displayed as text. WTF? I went back to the web interface, and sure enough – all the execute permissions were gone. I set them back, reloaded my page and…

Nothing. My page was still displaying text. At that point I gave up and figured they probably locked it down or something. It wouldn’t be surprising if they removed PHP access from the general netdrive accounts for security reasons.

Fast forward 20 minutes. I went back to the website to see if I can turn it into a static HTML, and lo and behold, it rendered normally importing headers, footers and all the dynamic content. WTF? Perhaps it took a while before the permission changes took effect or something. Or perhaps the text version of the PHP page just got stuck in my cache?

Did anyone else lose the execute permissions on your netdrive files? Is there some sort of a cron-job that resets these things every once in a while or something? Or am I just experiencing some system hiccups?

They did send me an email that there was some issue with my account and they deactivated it for security reasons. I’m guessing it could have been one of these things:

1. unsecure php scripts with write access all over my public_html directory
2. my webpage being hammered with comment spam because of the above scripts
3. tons of downloaded and compiled 3rd party binaries – some of them very suspecious in nature (nmap, john the ripper etc…)
4. the fact that I was running a very computationally intensive multi threaded code 24-7 in the last month or two prior to graduation

Or maybe it was a combination of all of the above. But yeah, I hear they rarely delete your pegasus account unless there is an issue with it. :P

Currently you have JavaScript disabled. In order to post comments, please make sure JavaScript and Cookies are enabled, and reload the page.Click here for instructions on how to enable JavaScript in your browser.